Legal claims defining the scope of protection, as filed with the USPTO.
1. A system for providing application recognition with respect to incoming packet-based data traffic, the system comprising: one or more processors; and one or more memory devices having stored therein a plurality of instructions that, when executed by the one or more processors, cause the system to: analyze a portion of an incoming packet and route the incoming packet to a selected one of a plurality of separate application recognition tasks for performing application recognition based upon the analyzed portion, wherein each application recognition task utilizes a different process to perform application recognition; wherein the plurality of separate data paths application recognition tasks comprises a set of four virtual pipelines, with a first virtual pipeline utilizing fixed-attribute table lookup to provide application recognition for a first type of data traffic, a second virtual pipeline utilizing stateful processing in a processor of the one or more processors to provide application recognition for a second type of data traffic, a third virtual pipeline utilizing deep packet inspection to provide application recognition for a third type of data traffic, and a fourth virtual pipeline utilizing both deep packet inspection and stateful processing in a processor of the one or more processors to provide application recognition for a fourth type of data traffic.
2. The system of claim 1 wherein at least one application recognition task of the plurality of separate application recognition tasks utilizes deep packet inspection to perform application recognition.
3. The system of claim 1 wherein at least one application recognition task of the plurality of application recognition tasks utilizes a fixed-attribute table to perform application recognition.
4. The system of claim 1 wherein at least one application recognition task of the plurality of application recognition tasks provides stateful processing using a central processing unit to extract dynamic port information and provide predicted flow information for application recognition.
5. The system of claim 1 wherein the incoming packet includes header information and the modular packet processor analyzes the header information to select the application recognition task for application recognition.
6. A communication system for performing application recognition on an incoming packet of data traffic, the communication system comprising; a modular packet processor for receiving the incoming packets of data traffic, analyzing a portion of an incoming packet, and routing, based upon the analyzed portion, to a selected one of a plurality of separate application recognition tasks for performing application recognition, wherein each application recognition task utilizes a different process to perform application recognition; a memory coupled to the modular packet processor and including a fixed attribute table for storage of a plurality of application identification and their associated source internet protocol addresses, destination internet protocol addresses, source ports, destination ports and protocols; a central processing unit coupled to the modulator packet processor for performing stateful processing based upon dynamically exchanged port information to determine application recognition; and a deep packet inspection processor coupled to the modular packet processor for searching a packet payload for signature information used to provide application recognition.
7. A communication system of claim 6, wherein the memory further includes: a connection table for storage of an association between a recognized application and an incoming packet; and a predicted flow table for storage of dynamic port information used in application recognition of stateful processing.
8. A method of performing application recognition on incoming data traffic comprising the steps of: submitting incoming data traffic to a modular packet processor; retrieving, in the modular packet processor, a portion of the header information from a packet of the incoming data traffic; determining whether stateful processing is required to perform application recognition and, if so: creating a copy of the incoming data traffic; sending the copy to a central processing unit for parsing to extract dynamic port information; downloading the dynamic port information to a connection table; and sending the original data traffic to an output interface; and determining, in the modular packet processor and based on the retrieved information, a proper application recognition task from a plurality of application recognition task to perform application recognition of the incoming data traffic, each application recognition task utilizing a different process to perform application recognition.
9. The method of claim 8, where the determining step includes a step of determining if deep packet inspection is required to perform application recognition.
10. The method of claim 8, where the determining step includes accessing a fixed attribute table to perform application recognition.
11. The method of claim 10, using destination and protocol information to retrieve a proper application recognition task for application recognition from the fixed-attribute table.
12. The method of claim 8 wherein the method is implemented by a machine executing program code encoded on a non-transitory machine-readable storage medium.
13. The method of claim 8 wherein the method further comprises the step of storing the recognized application with an identification of the associated incoming data traffic in a connection table.
14. The method of claim 8 wherein the method further comprises the step of utilizing the modular packet processor to route the incoming data traffic to the proper application recognition task required to perform application recognition.
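The header-based dispatch described in claims 1, 7 and 8 can be modelled in a few lines. The sketch below is an added illustration, not code from the patent or its assignee: it covers three of the recognition paths (fixed-attribute lookup, stateful parsing that fills a predicted flow table, and payload signature search) plus the connection table. The table contents, the use of the FTP `PORT` command as the dynamic-port source, and all names are assumptions chosen for the example.

```python
import re
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    payload: bytes = b""

# Constructed sample tables (assumptions, not taken from the patent).
FIXED_ATTR = {(53, "udp"): "dns", (22, "tcp"): "ssh"}  # destination port + protocol
STATEFUL = {(21, "tcp"): "ftp"}                        # control channels that announce ports
SIGNATURES = [(re.compile(rb"^(GET|POST|HEAD) \S+ HTTP/1\.[01]\r\n"), "http"),
              (re.compile(rb"^\x16\x03[\x00-\x04]"), "tls")]
FTP_PORT = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n")

class Recognizer:
    def __init__(self):
        self.connections = {}  # connection table: 5-tuple -> recognized application
        self.predicted = {}    # predicted flow table: (dst, dport, proto) -> application

    def recognize(self, p):
        """Return (application, path taken) for one packet."""
        flow, key = p[:5], (p.dport, p.proto)
        pred = (p.dst, p.dport, p.proto)
        if key in STATEFUL:                  # every control packet is parsed
            self._learn_ports(p)
            app, path = STATEFUL[key], "stateful"
        elif flow in self.connections:       # already recognized flow
            return self.connections[flow], "connection-table"
        elif pred in self.predicted:         # consumed once, so it cannot go stale
            app, path = self.predicted.pop(pred), "predicted-flow"
        elif key in FIXED_ATTR:
            app, path = FIXED_ATTR[key], "fixed-attribute"
        else:                                # fall back to payload signatures
            app = next((a for rx, a in SIGNATURES if rx.search(p.payload)), "unknown")
            path = "dpi"
        if app != "unknown":                 # keep inspecting flows not yet identified
            self.connections[flow] = app
        return app, path

    def _learn_ports(self, p):
        """Extract the dynamically announced endpoint from an FTP PORT command."""
        m = FTP_PORT.match(p.payload)
        if not m:
            return
        h1, h2, h3, h4, hi, lo = (int(x) for x in m.groups())
        if max(h1, h2, h3, h4, hi, lo) <= 255:   # reject malformed octets
            self.predicted[(f"{h1}.{h2}.{h3}.{h4}", hi * 256 + lo, p.proto)] = "ftp-data"
```

Flows that no path identifies are left out of the connection table, so a later packet of the same flow that carries payload is inspected again.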
May 31, 2016